Opened 13 months ago

Last modified 9 months ago

#18973 assigned defect

Possible authentication bug

Reported by: arlolra
Owned by: arlolra
Priority: Very High
Component: Applications/Tor Messenger
Severity: Critical
Cc: juha, sukhbir


First we started a fresh conversation and messages went through. We
compared our fingerprints using another channel and they didn't match. After
this I restarted my Tor Messenger and then the fingerprints matched. All the
time we used the same devices.

See the thread on tor-talk


Change History (3)

comment:1 Changed 13 months ago by arlolra

  • Priority changed from Medium to Very High
  • Severity changed from Major to Critical

My fingerprint matched but my contact's was not matching.

comment:2 Changed 9 months ago by arlolra

Pasting the contents of the last email exchanged with OP for posterity. No response as of yet but, at this point, the details are probably lost in time.

Let me try to describe what we think we know so far.
Thanks again for bearing with me.

1) You have had multiple conversations with that contact
in the past.  I assume you mean with Tor Messenger, and
therefore they were OTR sessions, and that in those
previous sessions you did not verify their fingerprint,
and they were with the accounts in question. See 3) though.

2) At the time, you were having two other conversations.
I assume they were with your same XMPP account and that,
since it was using Tor Messenger, they were also OTR
sessions, and that you've since checked that neither
of those contacts is in possession of a key with the
fingerprint in question.

3) You started an OTR session with the contact.  The
contact is using a new account (and therefore had a
new key).  Maybe you meant in 1) the contact themself
was not new to you, but that this was the first time
you were chatting with this account / key, and therefore
decided to authenticate it.  Please clarify this situation.

4) You exchanged several messages inside this OTR session.

5) Then, you opened the manual fingerprint verification pane, and in
an out-of-band channel, compared fingerprints.  You communicated
your fingerprint to your contact and it matched.  They communicated
their fingerprint to you, and it did not match.

The first thing to note is that if 5) is true and there
was a man-in-the-middle, then it also implies your private
key has been compromised.  There's no way for the MITM to
impersonate you.  If they really are in the middle, they
need to establish sessions with each of you, so you
would both see an unknown key.

(Assuming the OTR protocol isn't broken in some
unknown way, and that it is implemented correctly ...
which, since both clients are using libotr, confidence
is high).

So, I don't think this was a MITM at the OTR layer.
And the TLS layer is irrelevant.

There are at least two possibilities I can think of next.

One, your contact did actually present this other
key the first time around.  This is supported by the fact
that your "known fingerprints" has recorded it.  However,
since you must have double checked when fingerprints didn't
match, and since they claim to not have restarted their
application, it's unlikely.  It would be nice if you
could get your contact to compute all the fingerprints
for the keys in their ~/.purple/otr.private_keys file.
Any chance they had another simultaneously connected client?

Two, some sort of similar situation like in #17833, where
Tor Messenger was presenting to you the fingerprint of
a merged contact.  This seems like the likelier of the two.
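One way to do the check asked for above (computing the fingerprints of every key in a libotr otr.private_keys file), added here as an example; this is not code from the ticket, Tor Messenger or libotr. It assumes libotr's S-expression key file layout and uses constructed placeholder MPI values, not a real DSA key.

```python
import hashlib
import re

# Constructed sample in the libotr otr.private_keys S-expression layout.
# The MPI values are tiny placeholders, NOT a real DSA key.
SAMPLE_PRIVKEYS = """(privkeys
 (account (name "alice@example.org") (protocol prpl-jabber)
  (private-key (dsa (p #00FFEE#) (q #0B#) (g #02#) (y #0123#) (x #07#)))))"""

_TOKEN = re.compile(r'\(|\)|"[^"]*"|#[0-9A-Fa-f]*#|[^\s()"#]+')

def parse_sexp(text):
    """Minimal S-expression reader: lists, quoted strings, #hex# MPIs, atoms."""
    tokens = _TOKEN.findall(text)
    pos = 0
    def read():
        nonlocal pos
        tok = tokens[pos]
        pos += 1
        if tok == '(':
            items = []
            while tokens[pos] != ')':
                items.append(read())
            pos += 1
            return items
        if tok.startswith('#'):
            return bytes.fromhex(tok[1:-1])
        if tok.startswith('"'):
            return tok[1:-1]
        return tok
    return read()

def mpi(raw):
    """OTR MPI encoding: 4-byte big-endian length + minimal big-endian magnitude.
    gcrypt may write a leading 00 byte for sign; it is stripped here."""
    mag = raw.lstrip(b'\x00')
    return len(mag).to_bytes(4, 'big') + mag

def fingerprints(text):
    """Return {(account name, protocol): fingerprint} for every account.
    libotr fingerprints a DSA key as SHA-1 over the serialized public part
    (p, q, g, y as MPIs); the 2-byte pubkey type and the private x are not hashed."""
    out = {}
    for acct in parse_sexp(text)[1:]:
        fields = {e[0]: e[1] for e in acct[1:]}
        dsa = {e[0]: e[1] for e in fields['private-key'][1:]}
        digest = hashlib.sha1(b''.join(mpi(dsa[k]) for k in 'pqgy')).hexdigest().upper()
        out[(fields['name'], fields['protocol'])] = ' '.join(digest[i:i + 8] for i in range(0, 40, 8))
    return out

if __name__ == '__main__':
    for (name, proto), fp in fingerprints(SAMPLE_PRIVKEYS).items():
        print(f'{name} ({proto}): {fp}')
```

Run it against the real file with `fingerprints(open('~/.purple/otr.private_keys').read())` (path expanded) and compare the output to what the contact's client displays.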

comment:3 Changed 9 months ago by arlolra

  • Owner set to arlolra
  • Status changed from new to assigned